Single Sign On (SSO) Support in CentreStack via SAML

Single Sign On via SAML always involves two parties: the IdP (the identity provider) and the SP (the service provider).

In this documentation, the IdP will be a public IdP such as SSOCircle and the SP will be CentreStack. SSOCircle is used only as an example IdP; the setup works with other IdPs as well.

CentreStack is a multi-tenant system, and each tenant may want to have its own SSO service, so Single Sign On is a per-tenant setting.

You can find the Single Sign On settings in the tenant manager section, under group policy and then "Single Sign On".

Step 1: Register CentreStack at IdP

The IdP needs to register CentreStack as a service provider (SP) by importing the SP's metadata.
You will find CentreStack's metadata at the following location (per-tenant setting).

We can use the following XML to register CentreStack as an SP at SSOCircle.

Now, at SSOCircle, add a new service provider.

On the next screen, paste in the XML from the CentreStack side, set the FQDN to the URL contained within the XML, and check the 3 parameters: FirstName, LastName and Email.

Now the SSOCircle side of the registration is done.

Step 2: Register SSOCircle at the CentreStack side

The IdP registration and the SP registration together form a two-way, manual trust setup: "I trust you, and now you trust me".

The metadata from SSOCircle looks like this, and it can be imported into CentreStack.

Inside the metadata from SSOCircle, you will see an HTTP-Redirect URL; that is the URL we use to register the IdP. Also register the 3 parameters (FirstName, LastName, EmailAddress) from the IdP.
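As an added example (not code from CentreStack or SSOCircle), the Python sketch below pulls the HTTP-Redirect sign-on URL out of IdP metadata so it can be checked before it is entered on the SP side. The sample metadata, the host `idp.example.test` and the function name `idp_redirect_url` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample IdP metadata (hypothetical host, certificate omitted).
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.test">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso/post"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_redirect_url(metadata_xml):
    """Return (entityID, HTTP-Redirect SSO URL) from IdP metadata."""
    # Metadata comes from another party: refuse DTDs (entity expansion).
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DTD not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    path = "md:IDPSSODescriptor/md:SingleSignOnService"
    for sso in root.findall(path, NS):
        if sso.get("Binding") == REDIRECT:
            url = sso.get("Location", "")
            # The login redirect must reach the IdP over TLS.
            if not url.startswith("https://"):
                raise ValueError("HTTP-Redirect endpoint is not https")
            return root.get("entityID"), url
    raise ValueError("no HTTP-Redirect SingleSignOnService in metadata")


if __name__ == "__main__":
    print(idp_redirect_url(SAMPLE_IDP_METADATA))
```
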

Step 3: Login at the IdP, but use service at SP

In summary, the IdP and SP register each other's metadata, URLs and parameters. After that, single sign-on happens at the IdP side: the user logs in at the IdP and, after login, is redirected back to the SP.
